[ https://issues.apache.org/jira/browse/HIVE-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12650407#action_12650407 ]

Ashish Thusoo commented on HIVE-78:
-----------------------------------

For Active Directory I think JNDI will work as long as we work off GSSAPI - so 
I think Kerb V should work with JNDI.

However, the traditional authentication mechanisms of NTLM and NTLMv2, I think 
those will not work with AD as they are proprietary protocols and the only 
public domain implementations of those are present in Samba. They are mostly an 
issue for old machines and old directory installations. We may as well do JNDI 
for now and then address these later.

Will check out JDBCRealm, I have not used those in the past.

For query side roles we could just model those on MySQL privileges. Some of the 
basic ones include:

- SELECT
- INSERT
- ALTER TABLE
- CREATE
- DROP

And on the server administration side, things like:

- KILL SESSION(QUERY)
- SHUTDOWN
- STARTUP
- VIEW SESSIONS

are useful...

We could roll these privileges up into role objects so essentially your

hiveuser role would become SELECT, INSERT, CREATE
while hiveadmin would become KILL SESSION, SHUTDOWN, STARTUP, VIEW SESSIONS, 
DROP, ALTER + whatever is in hiveusers

> Authentication infrastructure for Hive
> --------------------------------------
>
>                 Key: HIVE-78
>                 URL: https://issues.apache.org/jira/browse/HIVE-78
>             Project: Hadoop Hive
>          Issue Type: New Feature
>            Reporter: Ashish Thusoo
>            Assignee: Ashish Thusoo
>
> Allow hive to integrate with existing user repositories for authentication 
> and authorization information.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
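
The role roll-up proposed in the comment above, as an added example (not part of the original comment and not Hive's code): each role holds direct privileges plus the roles it includes, and effective privileges are resolved with deny-by-default for unknown roles and a guard against roles that include themselves. The class, enum, and method names are hypothetical; `ALTER_TABLE` stands for the ALTER TABLE / ALTER privilege named in the comment.

```java
import java.util.*;

// Hypothetical model of the proposed roles; not Hive's API. Requires Java 16+ (records).
public class RoleRollup {
    enum Privilege { SELECT, INSERT, ALTER_TABLE, CREATE, DROP,
                     KILL_SESSION, SHUTDOWN, STARTUP, VIEW_SESSIONS }

    // A role is its directly granted privileges plus the roles it includes.
    record Role(Set<Privilege> direct, List<String> includes) {}

    private final Map<String, Role> roles = new HashMap<>();

    void define(String name, EnumSet<Privilege> direct, String... includes) {
        roles.put(name, new Role(EnumSet.copyOf(direct), List.of(includes)));
    }

    // Effective privileges = direct grants plus everything inherited.
    // Unknown roles contribute nothing (deny by default).
    Set<Privilege> effective(String name) {
        Set<Privilege> out = EnumSet.noneOf(Privilege.class);
        resolve(name, new ArrayDeque<>(), out);
        return out;
    }

    private void resolve(String name, Deque<String> path, Set<Privilege> out) {
        Role role = roles.get(name);
        if (role == null) return;
        // A role that includes itself, directly or indirectly, is a config error.
        if (path.contains(name))
            throw new IllegalStateException("role cycle: " + path + " -> " + name);
        path.push(name);
        out.addAll(role.direct());
        for (String included : role.includes()) resolve(included, path, out);
        path.pop();
    }

    boolean allowed(String role, Privilege p) { return effective(role).contains(p); }

    public static void main(String[] args) {
        RoleRollup r = new RoleRollup();
        r.define("hiveuser", EnumSet.of(Privilege.SELECT, Privilege.INSERT, Privilege.CREATE));
        r.define("hiveadmin", EnumSet.of(Privilege.KILL_SESSION, Privilege.SHUTDOWN,
                Privilege.STARTUP, Privilege.VIEW_SESSIONS, Privilege.DROP,
                Privilege.ALTER_TABLE), "hiveuser");
        System.out.println("hiveadmin: " + r.effective("hiveadmin"));
        System.out.println("hiveuser may DROP? " + r.allowed("hiveuser", Privilege.DROP));
        System.out.println("unknown role may SELECT? " + r.allowed("nobody", Privilege.SELECT));
    }
}
```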
